Skip to Navigation
Skip to Main content
OIG Home
OIG Home

IN THIS SECTION

Skip SHARE THIS PAGE section Skip STAY CONNECTED section

Audit Highlights

The following are highlights of our work during the April 1, 2016–September 30, 2016 semiannual reporting period.

Audits, Evaluations, Inspections

The Board's Release of Economic Information Provided Under Embargo. We identified opportunities for the Board (1) to adhere more strictly to controls that already exist in policies, procedures, and agreements with participating news organizations to protect information provided to news organizations under embargo and (2) to establish new controls to more effectively safeguard embargoed economic information. We also identified risks to providing information under embargo through the Board's embargo application.

The CFPB's Government Travel Card Program. We found that although the CFPB had implemented several controls over its government travel card program, some controls were not designed or operating effectively (1) to prevent or identify unauthorized use of the government travel cards and (2) to provide reasonable assurance that cards are closed out in a timely manner upon employees' separation.

The CFPB's Coordination on Consumer Financial Education. We found that the interagency coordination process steps followed by the offices in the Division of Consumer Education and Engagement that target students, older Americans, servicemembers, and traditionally underserved individuals align with interagency coordination best practices. Further, these offices have processes in place to help mitigate risks related to interagency coordination that were identified by other federal agencies that provide consumer financial education.

The Board's Active Directory. Overall, we found that the Board is effectively administering and protecting the Active Directory infrastructure. However, we found that the Board can strengthen Active Directory controls in the areas of risk management, continuous monitoring, user group management, contractor account management, and system documentation. In addition, we identified a risk for management's continued attention related to transport layer security.

RELATED INFORMATION

Audits FAQs

See common Audits questions and answers.

Audit Reports

View a sortable list of audits, evaluations, and other reviews.